diff --git a/menu/navigation.json b/menu/navigation.json index 53c71e8f2a..63222d7855 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -501,8 +501,12 @@ "slug": "disable-km-keys" }, { - "label": "Delete Key Manager keys", + "label": "Schedule Key Manager keys for deletion", "slug": "delete-km-keys" + }, + { + "label": "Recover keys scheduled for deletion", + "slug": "recover-deleted-keys" } ], "label": "How to", diff --git a/pages/key-manager/concepts.mdx b/pages/key-manager/concepts.mdx index a13a96f3c2..5e5079ca51 100644 --- a/pages/key-manager/concepts.mdx +++ b/pages/key-manager/concepts.mdx @@ -3,7 +3,7 @@ title: Key Manager - Concepts description: Explore essential cryptographic concepts, including symmetric and asymmetric encryption, data encryption keys (DEKs), key encryption keys (KEKs), and Scaleway Key Manager's robust features for secure key management and encryption operations. tags: key-manager key encryption-key dates: - validation: 2025-02-06 + validation: 2025-07-24 --- ## Asymmetric encryption 
@@ -141,6 +141,12 @@ A region refers to the **geographical location** in which your key will be creat A root encryption key (REK) is another type of key that has the single purpose of encrypting and decrypting KEKs in order to store them in hard storage. Scaleway's Key Manager has one REK per region, which is securely stored in our facilities. +## Scheduled deletion + +When you delete a key, it is scheduled for deletion. This lets you mark a key and its version for deletion ahead of time. Instead of immediate deletion, the key enters a 7-day pending deletion period, during which you can still recover it. + +During this time, you can read your key version but cannot edit, access, or delete it. After the retention period, the key and its version are permanently deleted. + ## Symmetric encryption Symmetric encryption is a fundamental type of cryptographic method where the same key is used to both encrypt and decrypt data. This means that the sender and receiver must have access to the same secret key, which they use to secure their communication. diff --git a/pages/key-manager/faq.mdx b/pages/key-manager/faq.mdx index ef70208155..7e680cd03d 100644 --- a/pages/key-manager/faq.mdx +++ b/pages/key-manager/faq.mdx @@ -2,7 +2,7 @@ title: Key Manager FAQ description: Explore Scaleway Key Manager with our comprehensive FAQ covering security, key types, and more. dates: - validation: 2025-02-06 + validation: 2025-07-24 productIcon: KmsProductIcon --- 
@@ -35,3 +35,11 @@ Key Manager supports the three following cryptographic operations: Keys with a [key usage](/key-manager/concepts/#key-usage) set to `symmetric_encryption` are **used to encrypt and decrypt data**. Refer to our [dedicated documentation](/key-manager/reference-content/understanding-key-manager/) to find out more about Key Manager. + +## What happens when I delete a key? + +When you delete a key, it is scheduled for deletion. This lets you mark a key and its version for deletion ahead of time. Instead of immediate deletion, the key enters a 7-day pending deletion period, during which you can still recover it. + +During this time, you can read your key version but cannot edit, access, or delete it. After the retention period, the key and its version are permanently deleted. + +Recovering keys [scheduled for deletion](/key-manager/concepts/#scheduled-deletion) is billed €0.01 per key. diff --git a/pages/key-manager/how-to/delete-km-keys.mdx b/pages/key-manager/how-to/delete-km-keys.mdx index 4e1d83ca55..74f5db3534 100644 --- a/pages/key-manager/how-to/delete-km-keys.mdx +++ b/pages/key-manager/how-to/delete-km-keys.mdx 
@@ -1,15 +1,17 @@ --- -title: Delete a Key Manager key +title: Schedule a Key Manager key deletion description: Discover how to delete a Key Manager key from the Scaleway console. tags: key-manager delete key dates: - validation: 2025-02-06 + validation: 2025-07-24 posted: 2025-02-06 --- import Requirements from '@macros/iam/requirements.mdx' -This page shows you how to delete a Key Manager key. +This page explains how to [schedule a key deletion](/key-manager/concepts/#scheduled-deletion) using the Scaleway console. You cannot delete protected keys, i.e. keys to which you have applied [key protection](/key-manager/concepts/#key-protection). + +Once you schedule a key for deletion, it enters a 7-day pending deletion period, during which you can still recover it. After this retention period, the key and its version are permanently deleted. @@ -20,11 +22,12 @@ This page shows you how to delete a Key Manager key. ## How to delete a key -1. Click Key Manager in the **Security and Identity section** of the [Scaleway console](https://console.scaleway.com) side menu. Your keys display. +1. Click Key Manager in the **Security & Identity section** of the [Scaleway console](https://console.scaleway.com) side menu. Your keys display. 2. Click the key you want to delete. 3. Scroll down to the **Delete key** section, and click **Delete key**. -4. Type **DELETE** to confirm and click **Delete key**. +4. Type **DELETE** and click **Delete key** to confirm. Your key displays in the **Scheduled for deletion** tab for a period of 7 days before being permanently deleted. All data encrypted using this key, including data encryption keys, will become unusable. + Deleting a key is a permanent action. All data encrypted using this key, including data encryption keys, will become unusable, if you do not [recover it](/key-manager/how-to/recover-deleted-keys/) before the end of the retention period. 
diff --git a/pages/key-manager/how-to/recover-deleted-keys.mdx b/pages/key-manager/how-to/recover-deleted-keys.mdx new file mode 100644 index 0000000000..e3d75f9b01 --- /dev/null +++ b/pages/key-manager/how-to/recover-deleted-keys.mdx 
@@ -0,0 +1,40 @@ +--- +title: How to recover keys scheduled for deletion +description: Recover keys scheduled for deletion in the Scaleway console before they are permanently removed. +tags: key encrypted-data scheduled-deletion recover-keys +dates: + validation: 2025-07-24 + posted: 2025-07-24 +--- +import Requirements from '@macros/iam/requirements.mdx' + + +This page shows you how to recover keys scheduled for deletion using the Scaleway [console](https://console.scaleway.com). Once you schedule a key for deletion, it enters a 7-day pending deletion period, during which you can still recover it. +After this retention period, the key and its version are permanently deleted. + + + +- A Scaleway account logged into the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization +- Created a [key](/key-manager/how-to/create-key/) +- Scheduled keys for deletion + +## How to recover one key + +1. Click **Key Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. +2. Select the [region](/key-manager/concepts/#region) in which to recover the key, in the **Region** drop-down. +3. Click the **Scheduled for deletion** tab. Your keys display. +4. Click next to the key you want to recover and click **Recover**. A pop-up displays the estimated cost of recovering the key. + + Recovering a key is billed €0.01 per key. + +5. Click **Recover key** to confirm. Your key displays in the **Keys** tab. + +## How to recover several keys + +1. Click **Key Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. +2. Select the [region](/key-manager/concepts/#region) in which to recover the key, in the **Region** drop-down. +3. Click the **Scheduled for deletion** tab. Your keys display. +4. 
Tick the checkboxes next to **Name** to select all the keys you want to recover. +5. Click the circular arrow to recover the selected keys. +6. Check the estimated cost and click **Recover keys** to confirm. \ No newline at end of file
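Review bot: in menu/navigation.json, the new entry's slug `recover-deleted-keys` describes the keys as deleted, while its label and every page in this patch say they are only "scheduled for deletion" and still recoverable. Consider a slug that matches the label before the URL is published. Keeping the existing `delete-km-keys` slug under the new label is fine for link stability.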
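Review bot: in the new "Scheduled deletion" section of pages/key-manager/concepts.mdx, "you can read your key version but cannot edit, access, or delete it" is ambiguous, because reading is itself a form of access. Say explicitly what "read" covers and whether a key in the pending deletion period can still be used for cryptographic operations, since readers will rely on this to know whether scheduling a deletion cuts off use of the key immediately or only after 7 days. "The key and its version" also reads as if a key has exactly one version; if a key can have several, use the plural.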
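Review bot: in pages/key-manager/faq.mdx, the new "What happens when I delete a key?" answer copies the two concepts.mdx paragraphs verbatim, including the ambiguous "read your key version but cannot edit, access, or delete it", so the two copies can drift apart. Keep a short answer here and link to /key-manager/concepts/#scheduled-deletion for the detail. The billing sentence talks about recovering keys but links only to the concept anchor; a link to /key-manager/how-to/recover-deleted-keys/ would be more useful there, and the €0.01 charge is not mentioned in the concepts section it points to.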
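Review bot: in the front matter hunk of pages/key-manager/how-to/delete-km-keys.mdx, the title becomes "Schedule a Key Manager key deletion" but the unchanged description still reads "Discover how to delete a Key Manager key from the Scaleway console." Update the description so search snippets match the new scheduled-deletion behaviour and mention the 7-day recovery window.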
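Review bot: in the "How to delete a key" hunk of pages/key-manager/how-to/delete-km-keys.mdx, the added warning "Deleting a key is a permanent action." contradicts the rest of the same sentence group, which says the key can be recovered before the end of the retention period. Reword it so that permanence applies only after the 7 days. Step 4 also now ends with an unconditional "All data encrypted using this key, including data encryption keys, will become unusable.", which is repeated in the warning with the condition attached; keep one copy, with the condition, and drop the comma before "if you do not". The section heading still says "How to delete a key" while the title says "Schedule", and the bold span in step 1 ("**Security & Identity section**") includes the word "section", unlike the new recover page.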
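Review bot: in the new pages/key-manager/how-to/recover-deleted-keys.mdx, step 4 of "How to recover one key" reads "Click next to the key you want to recover" without naming the control to click; name the icon or menu, and if an icon component is meant to appear there, confirm it renders. In "How to recover several keys", step 2 still says "in which to recover the key" (singular), and step 4, "Tick the checkboxes next to **Name**", reads as the header checkbox rather than one checkbox per key. The per-key €0.01 note appears only in the single-key procedure; repeat it or refer to it in the multi-key steps. The page does not say in which state a recovered key returns or whether it is immediately usable again, which is worth one sentence. The file ends without a trailing newline.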